The bookshelf service is an Amazon Simple Storage Service (S3)-compatible service that is used to store cookbooks, including all of the files—recipes, templates, and so on—that are associated with each cookbook.

The nginx service is used to manage traffic to the Chef server, including virtual hosts for internal and external API request/response routing, external add-on request routing, and routing between front- and back-end components.

The opscode-solr4 service is used to create the search indexes used for searching objects like nodes, data bags, and cookbooks. (This service ensures timely search results via the Chef server API; data that is used by the Chef platform is stored in PostgreSQL.)

The rabbitmq service is used to provide the message queue that is used by the Chef server to get search data to Apache Solr so that it can be indexed for search. When Chef Analytics is configured, the rabbitmq service is also used to send data from the Chef server to the Chef Analytics server.

Disable the guest user by changing its password once the newly created user has been tested.

rabbitmqctl add_user <username> <password>

Avoid using the default RabbitMQ port; configure a port of your own choice instead. Edit the port in the rabbitmq.config file: uncomment the following lines and set the ports: {tcp_listeners, [<rabbitMQ port>]} and {listener, [{port, <rabbitMQ management port>}]}.

Install the RabbitMQ management console using the following command:

Copy /usr/share/doc/rabbitmq-server/rabbitmq.config.example to the /etc/rabbitmq folder and rename it to rabbitmq.config. Set the permissions of the file to 666.

This document is helpful when setting up a jumphost server (mid-proxy) and configuring it with RabbitMQ.

Each private network is (normally) dedicated to a single tenant. Within that private network, there is a jumphost that can access the other VMs within the private network. No network access is required to the jumphost from outside. This jumphost runs an agent (the “AMP Jumphost” product).

A clustered message broker (e.g. RabbitMQ) is used to send requests to the jumphost, and to receive responses from it.

Through this mechanism, commands are executed on VMs within the private network.
The sequence for command execution (e.g. SSH or WinRM on a VM in the private network) is:
1. Manual pre-configuration:
i. The message broker cluster is pre-installed.
ii. For a new private network, the jumphost is manually set up within the private network. On startup it automatically subscribes to the message broker to receive the relevant requests.
2. AMP subscribes to a response queue, ready to receive the result.
3. AMP publishes a request to the appropriate queue on the message broker; this request describes the command to be
executed and the response queue to use.
4. The jumphost picks up the request, validates it, and executes it.
5. The jumphost publishes the result to a response queue (e.g. exit status, stdout and stderr).
6. AMP receives the response via the message broker.

The AMP instances and the jumphost access the message broker via AMQP.
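The sequence above as an added, in-memory example (not code from AMP or the jumphost product): AMP publishes a request that names its response queue, and the jumphost validates the request before executing it and publishing the result. The queue names, message fields, the tenant and target checks, and the injected execute callable are assumptions; the page does not say what the jumphost validates, and payload encryption is left out.

```python
import json
import queue
import uuid

class Broker:
    """In-memory stand-in for the message broker: named FIFO queues."""
    def __init__(self):
        self.queues = {}
    def publish(self, name, message):
        self.queues.setdefault(name, queue.Queue()).put(json.dumps(message))
    def consume(self, name):
        return json.loads(self.queues.setdefault(name, queue.Queue()).get_nowait())

def amp_send(broker, jumphost_id, tenant_id, target, command):
    """Steps 2-3: choose a response queue, then publish the request."""
    reply_to = f"response.{uuid.uuid4()}"          # hypothetical queue naming
    broker.publish(f"request.{jumphost_id}", {
        "tenant.id": tenant_id, "target": target,
        "command": command, "reply_to": reply_to})
    return reply_to

def jumphost_poll(broker, jumphost_id, tenant_id, allowed_targets, execute):
    """Steps 4-5: pick up one request, validate it, execute, publish result."""
    req = broker.consume(f"request.{jumphost_id}")
    if req.get("tenant.id") != tenant_id:          # assumed validation rule
        result = {"error": "tenant mismatch"}
    elif req.get("target") not in allowed_targets: # assumed validation rule
        result = {"error": "target outside private network"}
    else:
        status, out, err = execute(req["target"], req["command"])
        result = {"exit_status": status, "stdout": out, "stderr": err}
    broker.publish(req["reply_to"], result)

def run_exchange(tenant_sent):
    """Run one request/response round trip and return what AMP receives."""
    broker = Broker()
    # Constructed executor: stands in for SSH/WinRM to a VM in the private network.
    fake_exec = lambda target, cmd: (0, f"ran {cmd!r} on {target}", "")
    reply_to = amp_send(broker, "JUMPHOST_123", tenant_sent, "10.0.0.5", "uptime")
    jumphost_poll(broker, "JUMPHOST_123", "TENANT_123", {"10.0.0.5"}, fake_exec)
    return broker.consume(reply_to)                # step 6

if __name__ == "__main__":
    print(run_exchange("TENANT_123"))
    print(run_exchange("TENANT_999"))
```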

Step-by-step guide

RabbitMQ installation and configuration steps:

RabbitMQ is a message bus that acts as a messaging broker – an intermediary for messaging. It gives your applications a common platform to send and receive messages, and your messages a safe place to live until received.

RabbitMQ runs on the Erlang runtime, so before you can install and run RabbitMQ, you’ll need to install Erlang.

Install jumphost by unpacking the tar with the following command:

tar -zxvf jumphost-1.0.0-20160121.1603-dist.tar.gz

Make a file in /home/user/.brooklyn/ named jumphost.properties:

jumphost.id=JUMPHOST_123
tenant.id=TENANT_123
messageManager.rabbitmq.host=<rabbitmq ip>
messageManager.rabbitmq.port=<rabbitmq port>
messageManager.rabbitmq.username=guest
messageManager.rabbitmq.password=guest
messageManager.crypto.secretKey=UmFuZG9tRW5jcnlwdEtleQ==
messageManager.crypto.initVector=UmFuZG9tSW5pdFZlY3Rvcg==

The jumphost.id and tenant.id values can be anything you want.
messageManager.rabbitmq.host is the external IP of RabbitMQ.
messageManager.rabbitmq.port is the external port of RabbitMQ.
No other properties need to be edited.

You will also need to check the amount of entropy available on your jumphost server. Entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators. A lack of entropy can have a negative impact on performance and security.

1. Check the available entropy with the following command:

cat /proc/sys/kernel/random/entropy_avail

2. It is recommended that the value be more than 1000. To increase your entropy, execute the following commands:

sudo yum -y -q install rng-tools
sudo chmod 666 /etc/sysconfig/rngd   # only if you are not logged in as root
vi /etc/sysconfig/rngd

Edit EXTRAOPTIONS as follows:

EXTRAOPTIONS="-r /dev/urandom"

sudo chmod 640 /etc/sysconfig/rngd   # only if you are not logged in as root
sudo chkconfig rngd on
sudo service rngd start

3. Now check your entropy again:

cat /proc/sys/kernel/random/entropy_avail

It should have increased to more than 1000.

You can now launch jumphost with the following commands:

cd cloudsoft-jumphost-1.0.0-20160330.1541
./bin/jumphost launch > /dev/null &

This launches the jumphost and this is all you need to install and start your mid-proxy server.

Configuring AMP to route through RabbitMQ and Jumphost:

Edit brooklyn.properties: in the properties section of any location, add the following properties for the location where your jumphost is:

brooklyn.location.named.MyPrivateLocation_TAI_Test.requiresSubnetTier=false
brooklyn.location.named.MyPrivateLocation_TAI_Test.useJcloudsSshInit=false
brooklyn.location.named.MyPrivateLocation_TAI_Test.pollForFirstReachableAddress=false
brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass=io.cloudsoft.amp.jumphost.ssh.client.SshProxiedTool
## jumphost.id given in jumphost.properties
brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.jumphost.id=JUMPHOST_123
## tenant.id given in jumphost.properties
brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.tenant.id=TENANT_123
## internal rabbitmq ip
brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.rabbitmq.host=<rabbitmq_ip>
## internal rabbitmq port
brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.rabbitmq.port=<rabbitmq_port>
brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.rabbitmq.username=guest
brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.rabbitmq.password=guest
brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.crypto.secretKey=UmFuZG9tRW5jcnlwdEtleQ==
brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.crypto.initVector=UmFuZG9tSW5pdFZlY3Rvcg==

Save brooklyn.properties and reload the properties in the console.

Then you can deploy any BP via the location you have just configured. It will use RabbitMQ and jumphost to deploy the BP in the private network.
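An added example (not part of the original page or of the jumphost product): a small audit for jumphost.properties and the jumphost entries in brooklyn.properties. It flags values left at the settings shown in this guide: the guest account, the default AMQP port 5672, key material that decodes to readable text, "##" notes written after a value on the same line, and a world-writable file mode such as the 666 set on rabbitmq.config. The function names, issue labels and sample text are assumptions made for the example.

```python
import base64
import stat

def parse_properties(text):
    """Parse key=value lines; '#' and '!' start a comment only at line start."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def decodes_to_text(value):
    """True if base64 key material is only printable ASCII (human-chosen)."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return False
    return bool(raw) and all(32 <= b < 127 for b in raw)

def audit(text, file_mode=None):
    """Return sorted (property suffix, issue) findings for a properties file."""
    findings = set()
    for key, value in parse_properties(text).items():
        suffix = key.rsplit(".", 1)[-1]
        if suffix in ("username", "password") and value == "guest":
            findings.add((suffix, "default guest credential"))
        elif suffix == "port" and value == "5672":  # RabbitMQ's default AMQP port
            findings.add((suffix, "default AMQP port"))
        elif suffix in ("secretKey", "initVector") and decodes_to_text(value):
            findings.add((suffix, "key material is plain ASCII text"))
        if "##" in value:
            findings.add((suffix, "trailing comment is part of the value"))
    if file_mode is not None and file_mode & stat.S_IWOTH:
        findings.add(("file", "world-writable"))
    return sorted(findings)

# Constructed sample in the shape of jumphost.properties.
SAMPLE = """\
jumphost.id=JUMPHOST_123 ##inline note
messageManager.rabbitmq.port=5672
messageManager.rabbitmq.username=guest
messageManager.rabbitmq.password=guest
messageManager.crypto.secretKey=UmFuZG9tRW5jcnlwdEtleQ==
messageManager.crypto.initVector=UmFuZG9tSW5pdFZlY3Rvcg==
"""
if __name__ == "__main__":
    print(audit(SAMPLE, file_mode=0o100666))
```

Both crypto values printed in this guide decode to readable ASCII strings, which is why the check flags them; generate replacements from a random source instead of reusing them.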

Following is the list of config keys to pass for the respective BPs:

For JBoss AS 7, use httpMonitoring.enabled: false.
For JBoss AS 6, use jmx.enabled: false.
For Tomcat, use jmx.enabled: false.
For MongoDB, use clientMonitoring.enabled: false (though this will not work for clustered MongoDB).
For Riak, use httpMonitoring.enabled: false.
For Cassandra, use thriftMonitoring.enabled: false and jmx.enabled: false.

You can verify that the deployment took place via the jumphost by checking in the sensors tab whether the newly created VM’s IP has been NATed. When the jumphost is used, the IP address will not be NATed; the sensors tab will show the internal IP.